How to make Vault Highly Available
Deploy OSS Vault with HA on NFS
In this article we are going to see how to deploy open source Vault in a production environment, initialize it, unseal it and make it highly available. To achieve that, we are going to use open source Consul and open source Vault along with the Vault Initializer and Vault Load Balancer.
As referenced in this GH issue, Vault doesn’t natively support an NFS backend, and that is one of the reasons we are going to use Consul. To deploy Consul with an NFS backend, let’s use this official Helm chart here.
After deploying the Consul cluster with the NFS backend on Kubernetes, the k8s cluster will look similar to this.
The above figure assumes a Kubernetes cluster with five worker nodes. The Consul agents will be deployed on all the worker nodes, and for HA we deploy three instances of the Consul server. Consul uses a consensus protocol based on Raft to provide consistency, so it needs an odd number of instances to form a quorum.
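A quorum check for the three-server layout described above, as an added example that is not part of the original article or the Consul project. It reads a document shaped like the response of Consul's `GET /v1/operator/raft/configuration` endpoint; the node names, addresses and the `raft_summary` helper are constructed for illustration.

```python
import json

# Constructed sample shaped like the response of Consul's
# GET /v1/operator/raft/configuration endpoint (three servers, one leader).
SAMPLE = json.loads("""
{"Servers": [
  {"ID": "a1", "Node": "consul-server-0", "Address": "10.0.1.10:8300", "Leader": true,  "Voter": true},
  {"ID": "b2", "Node": "consul-server-1", "Address": "10.0.1.11:8300", "Leader": false, "Voter": true},
  {"ID": "c3", "Node": "consul-server-2", "Address": "10.0.1.12:8300", "Leader": false, "Voter": true}
], "Index": 42}
""")


def raft_summary(config, expected_voters=3):
    """Summarise quorum health from a Raft configuration document (hypothetical helper)."""
    voters = [s for s in config.get("Servers", []) if s.get("Voter")]
    leaders = [s["Node"] for s in voters if s.get("Leader")]
    n = len(voters)
    quorum = n // 2 + 1 if n else 0          # majority of voting servers
    tolerated = n - quorum if n else 0       # servers that may fail safely
    warnings = []
    if len(leaders) != 1:
        warnings.append(f"expected exactly one leader, found {len(leaders)}")
    if n < expected_voters:
        warnings.append(f"only {n} of {expected_voters} voters present")
    if n and n % 2 == 0:
        # An even count raises the quorum without raising failure tolerance.
        warnings.append(f"{n} voters tolerate no more failures than {n - 1}")
    return {"voters": n, "quorum": quorum, "tolerated_failures": tolerated,
            "leader": leaders[0] if len(leaders) == 1 else None,
            "warnings": warnings}


if __name__ == "__main__":
    print(raft_summary(SAMPLE))
    # Same check after a fourth voter is added (constructed):
    four = {"Servers": SAMPLE["Servers"] + [
        {"ID": "d4", "Node": "consul-server-3", "Address": "10.0.1.13:8300",
         "Leader": False, "Voter": True}]}
    print(raft_summary(four, expected_voters=4))
```

With three voters the quorum is two and one server can be lost; adding a fourth raises the quorum to three while still tolerating only one failure, which is why the server count is kept odd.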
Now, using the Kubernetes service via ingress, Consul can be accessed from outside the cluster.